Nebulock-Inc/agentic-threat-hunting-framework
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
Structures threat hunts using the LOCK pattern (Learn → Observe → Check → Keep) to create persistent, searchable repositories that AI assistants can reference for context and hypothesis refinement. Includes AI-powered research and hypothesis generation agents, Model Context Protocol (MCP) tool integration for SIEM/EDR execution, and a maturity model spanning from documented hunts (Level 1) to fully autonomous monitoring agents (Level 4). Platform-agnostic: works with any SIEM/EDR system and integrates with AI assistants like Claude Code, GitHub Copilot, and Cursor via markdown-based hunt documents.
205 stars and 653 monthly downloads. Available on PyPI.
Stars: 205
Forks: 29
Language: Python
License: MIT
Category:
Last pushed: Mar 09, 2026
Monthly downloads: 653
Commits (30d): 0
Dependencies: 6
Related agents
AgentSeal/agentseal
Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor...
cosai-oasis/secure-ai-tooling
The CoSAI Risk Map is a framework for identifying, analyzing, and mitigating security risks in...
HeadyZhang/agent-audit
Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis....
oasm-platform/open-asm
Open-source platform for cybersecurity Attack Surface Management (OASM).
affaan-m/agentshield
AI agent security scanner. Detect vulnerabilities in agent configurations, MCP servers, and tool...